Nmap, or Network Mapper, is an open source Linux command line tool for network exploration and security auditing.
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 SSL handshake has read 3019 bytes and written 463 bytes Issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASI. HvcNAQEBBQADggEPADCCAQoCggEBANLrc8IH2BP51XLhR6L2/IjRuNYcoj6UH58K NzA4MjEyMTU5MDBaMBcxFTATBgNVBAMTDGluaXNtZWFpbi5pZTCCASIwDQYJKoZI MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDĮxpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA1MjMyMTU5MDBaFw0x
MIIFDjCCA/agAwIBAgISA0nt67i+GAazJs4e+bBSMqB6MA0GCSqGSIb3DQEBCwUA I:/O=Digital Signature Trust Co./CN=DST Root CA X3 I:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3ġ s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 CONNECTED(00000003)ĭepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3ĭepth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 You can also test for TLS 1 or TLS 1.1 with -tls1 or -tls1_1 respectively. If you don’t see a certificate chain, and instead something similar to “handshake error”, you know the server does not support TLS 1.2/1.3. If you get a certificate chain and handshake like below, you know the server in question supports TLS 1.2/1.3. Run the following command in terminal, replacing with your own domain:įor TLS 1.2: openssl s_client -connect :443 -tls1_2įor TLS 1.3: openssl s_client -connect :443 -tls1_3 This is extremely important due to the inherent vulnerabilities in SSL and TLS version prior to 1.OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default. This is an excellent PowerShell script if you want to test which SSL and TLS protocols are enabled on your webserver.
0 kommentar(er)
